With the widespread use of cloud based storage and mobile computing devices, enterprises and other organizations are subject to loss and leakage of their sensitive information, as a result of both inadvertent and malicious user activity. An organization's data loss prevention policy can identify sensitive information, and specify how it may and may not be accessed and used. For example, within a given company certain members of the Human Resources department may be authorized to access personal employee information such as home addresses and social security numbers. However, removing such information from the company, either intentionally or inadvertently, could be a violation of company policy.
When viewing files or other information on screen, sensitive information subject to the organization data loss prevention policy can be displayed. It is often the case that the company policy necessitates that specific users be able to view sensitive information on their screens in order to do their job. However, displaying sensitive information creates the possibility of data leaks. For example, screen capture software can be used to capture the content being displayed, including sensitive information. These screen captures could then be shared, resulting in a leak of sensitive information. In addition, a computer display screen can be photographed (e.g., by a user's phone). The resulting photos are also a potential vector for sensitive information leakage. However, blocking the display of the sensitive information outright is problematic, because as noted above, the organization may require that given parties be able to view the information, but not to capture or photograph it.
It would be desirable to address these issues.